boot: boot_serial: Fix issue with encrypted second slot images

Fixes issues whereby encrypted images were not properly listed due to not treating them as encrypted, also removes a piece of wrong hack code that would never run as the primary slot cannot be encrypted. Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
mcu-tools · Jul 21, 2023 · 9bcef0e · 9bcef0e
1 parent 72e7d34
commit 9bcef0e
Show file tree

Hide file tree

Showing 10 changed files with 423 additions and 399 deletions.
diff --git a/boot/boot_serial/include/boot_serial/boot_serial_encryption.h b/boot/boot_serial/include/boot_serial/boot_serial_encryption.h
@@ -0,0 +1,32 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Copyright (c) 2023 Nordic Semiconductor ASA
+ */
+
+#ifndef H_BOOT_SERIAL_ENCRYPTION_
+#define H_BOOT_SERIAL_ENCRYPTION_
+#include "bootutil/fault_injection_hardening.h"
+
+/**
+ * Validate hash of a primary boot image doing on the fly decryption as well
+ *
+ * @param[in] fa_p flash area pointer
+ * @param[in] hdr boot image header pointer
+ * @param[in] buf buffer which is used for validating data
+ * @param[in] buf_size size of input buffer
+ *
+ * @return FIH_SUCCESS on success, error code otherwise
+ */
+fih_ret
+boot_image_validate_encrypted(const struct flash_area *fa_p,
+ struct image_header *hdr, uint8_t *buf,
+ uint16_t buf_size);
+
+/**
+ * Handle an encrypted firmware in the main flash.
+ * This will decrypt the image inplace
+ */
+int boot_handle_enc_fw(const struct flash_area *flash_area);
+
+#endif
diff --git a/boot/boot_serial/src/boot_serial.c b/boot/boot_serial/src/boot_serial.c
@@ -73,7 +73,7 @@
 #endif
 
 #ifdef MCUBOOT_ENC_IMAGES
-#include "single_loader.h"
+#include "boot_serial/boot_serial_encryption.h"
 #endif
 
 #include "bootutil/boot_hooks.h"
@@ -293,18 +293,16 @@ bs_list(char *buf, int len)
  if (FIH_EQ(fih_rc, FIH_BOOT_HOOK_REGULAR))
  {
 #ifdef MCUBOOT_ENC_IMAGES
- if (slot == 0 && IS_ENCRYPTED(&hdr)) {
- /* Clear the encrypted flag we didn't supply a key
- * This flag could be set if there was a decryption in place
-  * performed before. We will try to validate the image without
- * decryption by clearing the flag in the heder. If
- * still encrypted the validation will fail.
- */
- hdr.ih_flags &= ~(ENCRYPTIONFLAGS);
+ if (IS_ENCRYPTED(&hdr)) {
+ FIH_CALL(boot_image_validate_encrypted, fih_rc, fap,
+  &hdr, tmpbuf, sizeof(tmpbuf));
+ } else {
+#endif
+ FIH_CALL(bootutil_img_validate, fih_rc, NULL, 0, &hdr,
+  fap, tmpbuf, sizeof(tmpbuf), NULL, 0, NULL);
+#ifdef MCUBOOT_ENC_IMAGES
  }
 #endif
- FIH_CALL(bootutil_img_validate, fih_rc, NULL, 0, &hdr, fap, tmpbuf, sizeof(tmpbuf),
- NULL, 0, NULL);
  }
  }
 
@@ -862,14 +860,23 @@ bs_upload(char *buf, int len)
  zcbor_map_end_encode(cbor_state, 10);
 
  boot_serial_output();
- flash_area_close(fap);
 
 #ifdef MCUBOOT_ENC_IMAGES
- if (curr_off == img_size) {
- /* Last sector received, now start a decryption on the image if it is encrypted*/
- rc = boot_handle_enc_fw();
+ /* Check if this upload was for the primary slot */
+#if !defined(MCUBOOT_SERIAL_DIRECT_IMAGE_UPLOAD)
+ if (flash_area_id_from_multi_image_slot(img_num, 0) == FLASH_AREA_IMAGE_PRIMARY(0))
+#else
+ if (flash_area_id_from_direct_image(img_num) == FLASH_AREA_IMAGE_PRIMARY(0))
+#endif
+ {
+ if (curr_off == img_size) {
+ /* Last sector received, now start a decryption on the image if it is encrypted */
+ rc = boot_handle_enc_fw(fap);
+ }
  }
-#endif //#ifdef MCUBOOT_ENC_IMAGES
+#endif
+
+ flash_area_close(fap);
 }
 
 #ifdef MCUBOOT_BOOT_MGMT_ECHO